Continuous Improvement, Audit, and the Agile 2014 Conference .. My lessons

 

Agile 2014 Conference session


Every moment we are learning something new. The greatest challenge is to take advantage of this new information and do something substantial – something real – with it.


As an adventureman in the DevOps / Audit space, I have the privilege of evaluating the opportunities, risks, and future directions for many enterprises. The sophistication of these enterprises spans far and wide – From Fortune 20 companies, 700-person agile teams, to small startups and even smaller teams of five. These companies have one thing in common: a desire to create a business partnership that will accomplish secure, privacy minded, and compliant operations. To put it simply, these companies have the passion and rigor of overcoming a Big 4 audit.

On Wednesday I spoke at the Agile 2014 conference with esteemed author and innovator, Gene Kim. Our session title was, Keeping the Auditor away; DevOps Compliance Case Study. Attendees at this lecture benefited from a 90-person open collaboration and sharing of ideas. A few points resonated with me.

On Leadership:
To lead a product development team requires skill beyond balancing the needs and output of the teams; it requires the talent of connecting the development activities to the governance of the business at the highest control level. The ability to serve the customer is only half of the job description. The other half consists of considering internal business stakeholders (internal auditing, marketing, information security, and compliance procedures).

On Execution:

  • As soon as a process that is efficient and effective is identified, automate as many things as possible
  • Automatically set gates throughout the testing process, against the configurable standards
  • Leverage the application gates with configurable standards to conduct repeatable, verifiable, and scalable operational testing
  • Operational testing must include complete and inline testing
  • Centrally manage versioning of the configurations and deployments
  • The testing executed should reflect internal and external requirements, general security, information security, compliance, development, and audit designed safeguards
  • The output of this testing and the automated gates should result in hard evidence that can be easily presented during audits (ie: logs)

Startups and enterprises alike have the opportunity to be more secure, deploy better product, and achieve balance across controls to audit safeguards beyond those of traditional brick-and-mortar development shops. The basic attributes of success are highlighted above. Add some extreme talent in development, integration with security, compliance, and marketing and success is easily obtainable!

Thank you to everyone who attended and contributed. It was a truly outstanding experience and I look forward to continuing the collaboration. The slides from our presentation are available here.


To see the shared toolkit that is being developed for DevOps and Auditors – visit our shared public work in progress at http://bit.ly/DevOpsAudit.


A special thank you to Gene Kim and all those in the space who welcome everyone with a passion and desire to be a part of something great.

Best,

James DeLuccia

 

 

How a leader works across teams – Battlefield Leadership series

La Fiere

At La Fiere Bridge and throughout Normandy on the day of the invasion, soldiers were separated from those that they had trained with for over two years. The leadership ranks and familiarity were lost. Most men were in the wrong place, unsure of their location, without their gear, and were forced to proceed alone. The training of regrouping and proceeding did not serve the Airborne well on that first morning of battle.

What could be described as a case study in disaster is instead one of success. These individuals proactively began to join up with other members of the Allied forces. As the groups grew from two, to four, to ten, and onward, the natural command structure came into force. The individuals became effective in their fields and began to seek out their objectives as a whole.

This was possible due to the training instilled in each other, the respect they had for service they were in, and the ingrained ‘take-the-initiative’ culture of each leader. This was certainly true for the Airborne, but also can be found with the Infantry landing on the beaches.

Business Reflections…

The success here is broken down to two main areas: respect and training. Each individual knew what was demanded of them and what was demanded of the individuals around them. There was an appreciation and respect for the chain of command and authority. This respect was carried from the training to the battle fields. Leaders demonstrated their experience and capability with the troops from the beginning up to the bitter end.

Following the military analogy in business, the battle at La Fiere Bridge conveys a need to have an organization that promotes respectable individuals based on skill and capability. Business success also requires some form of hierarchy that instills direction and command within the units. The hierarchy in some business can be quite flat but even in the flattest organization, there are those who are the ‘go-to’ employees due to experience, budget, and capability to make larger company decisions. This business structure also allows for the smallest of groups to function without the most-senior leadership, so long as there is some senior party involved.

If an organization establishes the first two baseline requirements (skill and capability), it is able to mix individuals and teams together on an as-needed basis. The caveat here is a shared awareness on the ‘command objective,’ or simply ‘the big picture.’

The potential to mix resources has proven highly effective in every branch of the military and is true in business as well. Deploying a team of pure technical individuals is a mistake, and one of only business-minded individuals is similarly at risk of failure. The benefits of diversity within an organization are innumerable. The key here is to instill a level of respect through authority, experience, and competency among diverse crowds.

Takeaways:

  1. Does your organization have a hierarchy that is based on merit?
  2. Is the culture of your business one that respects the established hierarchy?
  3. Is the command objective known?
  4. Is the capability and competency of all levels consistent to allow for the smallest teams to achieve command objectives?
  5. What is the effective size of the teams and what supports are offered to the teams?

What is Battlefield Leadership and what is this series about … 

This is the final paper in this series. As part of my pursuit to learn and grow, I sought out the excellent management training team at Battlefield Leadership. I am professionally leveraging this across multi-million dollar projects I am overseeing (currently I am the lead executive building global compliance and security programs specifically in the online services / cloud leader space). Personally I am bringing these lessons to bear within my pursuits to cross the chasm. To often I see brilliant technical individuals fail to communicate to very smart business leaders and to the common person on the street. My new book – How Not to be hacked seeks to be a first step in bringing deep information security practices beyond the technologist.

Most exciting the Battlefield group for this training placed it in Normandy France. This allowed for senior executives to be trained in a setting where serious decisions were placed by both sides, and each provided a lesson. This series represents my notes (that I could take down) and takeaways. I share to continue the conversation with those great individuals I met, and with the larger community.

Kind regards,

James

Overcoming team, enterprise, and self analysis paralysis – Battlefield Leadership series

The Only Thing Wrong with Nothing Happening is the Fact that Nothing is Happening

A leader must be effective in the following tasks:

  • Invigorating a unit with disparate needs.
  • Managing time. There is always something a leader can do. Always.
  • Self confidence. Leaders must trust their instincts and previous experiences.
  • Innovation. When confronted with a situation different than planned, a leader needs to devise a new plan of attack.

The battle at Utah Beach demonstrates this with Roosevelt’s commands upon landing in the first wave. Roosevelt succeeded by leading the troops and deciding on the next actions quickly according to factors of the time.

Port en Bessin

Business Reflections…

As a leader of self, family, and business one must adopt these principles. The ability to positively effect these three factions is paramount to success. To succeed in life, one must adopt the following capabilities:

  1. Recognition of scenarios.
  2. Energy to execute.
  3. No hesitation, no analysis; paralysis avoidance.
  4. Foresight, having vision on the second step and continuing forward.
  5. Escaping the echo chamber of the mind and protocol.

 

What is Battlefield Leadership and what is this series about … 

As part of my pursuit to learn and grow, I sought out the excellent management training team at Battlefield Leadership. I am professionally leveraging this across multi-million dollar projects I am overseeing (currently I am the lead executive building global compliance and security programs specifically in the online services / cloud leader space). Personally I am bringing these lessons to bear within my pursuits to cross the chasm. To often I see brilliant technical individuals fail to communicate to very smart business leaders and to the common person on the street. My new book – How Not to be hacked seeks to be a first step in bringing deep information security practices beyond the technologist.

Most exciting the Battlefield group for this training placed it in Normandy France. This allowed for senior executives to be trained in a setting where serious decisions were placed by both sides, and each provided a lesson. This series represents my notes (that I could take down) and takeaways. I share to continue the conversation with those great individuals I met, and with the larger community.

Kind regards,

James

Amateurs Study Strategy; Experts Study Logistics – Battlefield Leadership series

Angoville ChurchIn the business world, the military analogy “Amateurs strategy; experts study logistics” emphasizes the importance beyond the initial success of a surge effort. Specifically, in relation to D-Day, the analogy shows the importance of establishing a port to provide fuel, reinforcements, ammunition, food, and supplies to the troops. The initial Normandy invasion of 135,000 troops required a daily landing of 15,000 tons of supplies a day and as the presence increased so did the supplies. Thus, the Allies were forced to secure a port.

The Allies chose to build two ports and bring them to the coast of Normandy. This allowed them the opportunity to establish a port at an area that was not heavily fortified (the Germans defended port locations closely). This out of the box thinking allowed the Allies to achieve the objective and support the ongoing mission on land.

Business Reflections…

The importance of innovation and ability to think beyond the traditional structures is sometimes the only pathway to success. Think about Uber, Amazon, and other disruptive methods of transacting business. Each approached the same objective (black cars, books for reading), but achieved the ‘big picture’ in a manner not conceived viable by the incumbents.

The key elements to achieve innovation from lessons at Arromanches:

  1. Focus on the objective and not the details on ‘how.’ This allows for iterations on methods while maintaining the continued support structure.
  2. Establish a team with a leader to drive the innovation. The team should be organized differently than the primary organization. This was done in Britain and allowed the the Skunkworks group to succeed. The Skunkworks failed the first time and were reorganized in a new team to finally reach success.
  3. Plan redundancy. Two Allied piers were built. One of the piers was destroyed by weather (an identified risk), but luckily there was still one standing and supported the logistics for many months.
  4. Demonstrate success capability through detailed analysis. To allay counter arguments, it is necessary to present a clear and evidence-supported case proving how the solution will be successful.

The Supply Chain

Here are a few generally obvious but necessary statements on the make-up of supply chain. The service of the business and the delivery of product depends upon the inputs. These inputs are as important as the final work product. Failure to receive any input or damage of an input will lead to failure in the market. Each input must meet the integrity, quality, and security standards of the product it seeks to become.

Suppliers need to posses integrity to ensure the inputs are not damaged, sabotaged, or fraudulent. The reliability and availability of the inputs need to be vetted with redundant providers and consideration of every part of the delivery channel is key. For instance, regarding a Cloud service provider hosting data: what are the ISPs, routers, equipment, regional laws, etc. that effect this delivery of such a service?

A business must be able to achieve entry into a market category and sustain it! It is not enough to put a toe in the water, but rather sustain the patience and capability to grow in the market. Success is achieved through building scales into the business architecture and forming teams that are innovative and strong enough to become the senior management and leads.


What is Battlefield Leadership and what is this series about … 

This is the fifth paper in this series. As part of my pursuit to learn and grow, I sought out the excellent management training team at Battlefield Leadership. I am professionally leveraging this across multi-million dollar projects I am overseeing (currently I am the lead executive building global compliance and security programs specifically in the online services / cloud leader space). Personally I am bringing these lessons to bear within my pursuits to cross the chasm. To often I see brilliant technical individuals fail to communicate to very smart business leaders and to the common person on the street. My new book – How Not to be hacked seeks to be a first step in bringing deep information security practices beyond the technologist.

Most exciting the Battlefield group for this training placed it in Normandy France. This allowed for senior executives to be trained in a setting where serious decisions were placed by both sides, and each provided a lesson. This series represents my notes (that I could take down) and takeaways. I share to continue the conversation with those great individuals I met, and with the larger community.

Kind regards,

James

 

How do you decide what is Critical vs. Important – Battlefield Leadership series

The Difference Between Critical and Important

The understanding of self and team dynamic is paramount to success in the business world. The definition of success is ‘the achievement of the general objective.’ All too often individuals, teams, and companies lose focus and become distracted during action. Knowing what is important, being able to recognize a distraction, and refocusing resources on what is most critical are the best steps to success under fire.

Hillman Battery

Even today, A walk through Hillman Battery shows the defensive position of the Germans in the immediate path of the British Infantry. The Allies’ most critical task was to liberate Caen after the invasion, but the Allied (British) unit became distracted with destroying a defensive obstacle and resulted in being stalled for an entire day. Ultimately, The Allies were forced to repel counter attacks by the Germans along their flanks which delayed liberation of Caen until July.

If you are unaware of this part of D-Day, you can check out Stephen Ambrose’s book D-Day, which provides some rich details.

Business Reflections…

In business the correlation of ‘team’ and ‘self’ is critical. Often times, important resources are lost when the team is disjointed. For example, wasting time (our most valuable resource!) can occur when you lose sight of the bigger picture. Thus, breaking down the big picture and defining what is important to you and your team allows for clear establishment and allocation of resources.

How does one avoid distractions? How can these be identified, measured, managed, and pushed off? Is the philosophy of saying ‘NO’ to everything but that which is the ultimate goal valuable? How does one position teams to understand the big picture and their critical objectives? Is the communication chain with choke points necessary, or can these be empowered within the teams?

  • Myself: The ‘big picture’ is being a parent directly and in the presence of my daughter. My secondary task is racing, training, and writing to better myself and others.
  • At Ernst & Young: Our Big Picture is realizing vision 2020, the creation of a Better Working World. My teams constantly seeking to create the best security and compliance programs based on global standards that are realized through the eyes of practitioners 
  • What are yours?

 

What is Battlefield Leadership and what is this series about … 

This is the fourth paper in this series. As part of my pursuit to learn and grow, I sought out the excellent management training team at Battlefield Leadership. I am professionally leveraging this across multi-million dollar projects I am overseeing (currently I am the lead executive building global compliance and security programs specifically in the online services / cloud leader space). Personally I am bringing these lessons to bear within my pursuits to cross the chasm. To often I see brilliant technical individuals fail to communicate to very smart business leaders and to the common person on the street. My new book – How Not to be hacked seeks to be a first step in bringing deep information security practices beyond the technologist.

Most exciting the Battlefield group for this training placed it in Normandy France. This allowed for senior executives to be trained in a setting where serious decisions were placed by both sides, and each provided a lesson. This series represents my notes (that I could take down) and takeaways. I share to continue the conversation with those great individuals I met, and with the larger community.

Kind regards,

James

A practitioner’s leadership behavior – Battlefield Leadership series: Pegasus Bridge

An interesting leadership insight found here is how Major Howard was recognized as an elite candidate and then promoted as a leader. He was promoted twice in only two months. This is especially interesting since he had a bias against him for not being part of the British Aristocracy. Throughout war time, Howard’s aggressive actions and leadership skills gained him full command of the unit (160 men).

Major Howard believed in being where the critical decisions were happening. As a leader he took the following actions:

  1. Be where the critical decisions are required.
  2. Be where the hardest tasks are happening (Major Howard lead the team for the toughest actions).
  3. Cross-training. Major Howard’s teams were trained and cross-trained on every objective and task.
  4. Rewarding “A” players. Major Howard was able to select the best of the best across the organization.
  5. Training and competitions to hone the skills of the team.
  6. Garnering his own experiences.
  7. Organizing athletic challenges. Howard required for the team to not only continue mental toughness but also physical agility.
  8. Leading by example. While Major Howard was not loved by many, he was respected by all.

Business Reflection Questions…

  • How are you building cross-functional teams?
  • How are you yourself learning skills and demonstrating ability to achieve objectives?
  • What are you accomplishing with teams?
  • How are the teams performing as a result of your leadership?
  • What marks of distinction do you and your team’s bear?
  • How are you making your team excel and treating the “A” players?

Basically… What is your competition, internally and externally, and how are you performing?


 

What is Battlefield Leadership and what is this series about … 

This is the third paper in this series. As part of my pursuit to learn and grow, I sought out the excellent management training team at Battlefield Leadership. I am professionally leveraging this across multi-million dollar projects I am overseeing (currently I am the lead executive building global compliance and security programs specifically in the online services / cloud leader space). Personally I am bringing these lessons to bear within my pursuits to cross the chasm. To often I see brilliant technical individuals fail to communicate to very smart business leaders and to the common person on the street. My new book – How Not to be hacked seeks to be a first step in bringing deep information security practices beyond the technologist.

Most exciting the Battlefield group for this training placed it in Normandy France. This allowed for senior executives to be trained in a setting where serious decisions were placed by both sides, and each provided a lesson. This series represents my notes (that I could take down) and takeaways. I share to continue the conversation with those great individuals I met, and with the larger community.

Kind regards,

James

Product development – Battlefield leadership series: WN60 – defensive positions by Germans at Omaha Beach

Leading up to the invasion of Normandy (read this book on the topic, 2 week perspective shifting emotional journey), the leaders of each side had differing ideas about when an invasion should and would occur. The Allies came to the conclusion of low to mid-tide times, and the Germans believed that that the Allies would prefer to invade during high-tide.

The Germans built obstacles around the Omaha Beach shore. They created mines throughout the beach that would be hidden during high tide. Based on gun placements along the cliffs, the Germans were confident that this would be ideal in protecting their own. After preparations were finished, the Germans had dozens of gun placements providing criss-crossing machine gun fire over the entirety of Omaha Beach. As history shows, the Allied casualty rate indicates exactly how successful these gun placements were.

In preparation for attack, the Allies took the opposite perspective. Low tide provided easy exit pathways later at high tide. Low tide also allowed the Allies to see the obstacles, carefully avoid them, and easily destroy them. During the battle, the removal of obstacles allowed for a continued steady landing of forces after the initial invasion.

The Allies won; they got Omaha Beach. They were able to exploit gaps in the German defensive strategy through the application of carefully planned actions.

Business Reflections…

In a free market world, there is always someone who sees an opportunity that others do not. The advantages to each opportunity are weighed and measured. The result can be great or completely opposite. During the invasion of Normandy, fire from the Germans required the infantry on the ground to adjust from the original plan (most Allied troops were landed in the wrong zones, without the equipment they needed, and the general leadership structure was fractured due to the loss of so many soldiers at the landing). This ability — the ability to go off course of the original plan in order to find success in the heat of battle — is crucial to businesses and their teams.

Leaders are not always on the ground and cannot be effective if the teams have to seek out answers prior to taking an initiative. The successful Allies learned from prior landings to implement the following (all applicable to businesses as well):

  1. Training, a lot of training. The troops were trained clearly, relentlessly, and aggressively. The training included hands-on challenges with similar landscape and environmental hurdles.
  2. Building culture. Teams, squads, packs, etc. of individuals were grouped together, in most cases, since enlisting. These groupings created mass cohesiveness and inspired troops to push themselves and their fellow soldiers further than they thought possible (as in the desire to ‘stand strong in front of their comrades’).
  3. Unit command – localized leadership and decision making allowed for the teams to respond, re-group, and deploy without micro-managed leadership (the Germans required authority to engage and move assets, and thus were to late in being effective in resisting the invasion force).

Leaders must consider how they are embracing the above, and how they have made themselves leaders instead of micro-managers with teams executing check-sheets. 


 

What is Battlefield Leadership and what is this series about … 

This is the second paper in this series. As part of my pursuit to learn and grow, I sought out the excellent management training team at Battlefield Leadership. I am professionally leveraging this across multi-million dollar projects I am overseeing (currently I am the lead executive building global compliance and security programs specifically in the online services / cloud leader space). Personally I am bringing these lessons to bear within my pursuits to cross the chasm. To often I see brilliant technical individuals fail to communicate to very smart business leaders and to the common person on the street. My new book – How Not to be hacked seeks to be a first step in bringing deep information security practices beyond the technologist.

Most exciting the Battlefield group for this training placed it in Normandy France. This allowed for senior executives to be trained in a setting where serious decisions were placed by both sides, and each provided a lesson. This series represents my notes (that I could take down) and takeaways. I share to continue the conversation with those great individuals I met, and with the larger community.

Kind regards,

James